You are here: Reference > Rule types > Attachment Categories > Attachment Category form - Completing the Security tab

Attachment Category form
Completing the Security tab

  1. About 
  2. New 
  3. Security 
  4. Availability 
  5. History 
  6. More... 

Use this tab to restrict user operations for attachments of this category and work type based on privileges and when rule. The user must meet all when rule restrictions and at least one privilege to gain access.

See Creating an attachment category.

Access Control List by Privilege

Complete this optional array to limit user capabilities for attachments of this category based on privilege rules. If blank, no privilege is required. However, when rules still apply, if specified in the Access Control by When Rule array. If an operation check box is not selected, the qualified user cannot perform the operation.

Field

Description

Access Control List by Privilege

The order of rows in this array is not significant. When multiple rows associate a privilege and a capability, a user must hold at least one of the privileges.

Privilege Name

Select a Privilege Name — second key part of a privilege rule. When you save the rule, the system uses the Applies To class of this attachment category to validate the privilege name.

Create

Select to grant the ability to add attachments of this category to only those requestors who hold the privilege in the Privilege Name field.

Edit

Select to grant the ability to edit attachments of this category to only those requestors who hold the privilege in the Privilege Name field.

Permission to Edit implies permission to View.

View

Select to grant the ability to view attachments of this category to only those requestors who hold the privilege in the Privilege Name field.

Delete Own

Select to grant the ability to delete attachments of this category that they added earlier to only those requestors who hold the privilege in the Privilege Name field.

Delete Any

Select to grant the ability to delete any attachments of this category to only those requestors who hold the privilege in the Privilege Name field.

Permission to Delete Any implies permission to Delete Own.

For an example, see the PDN article How to enable attachment security using attachment categories.

Attachment category rules do not allow anyone to delete correspondence items, a special form of file attachment. The system retains correspondence as a permanent record of information that was conveyed to an outside party or system.

Access Control List by When Rule

Complete this optional array to limit user capabilities for attachments of this category based on when condition rules. If this array is blank, there are no when condition tests for access. However, privileges (if specified in the Access Control List by Privilege array) still apply. If an operation check box is not selected (blank), the qualified user cannot perform it.

Field

Description

Access Control List by When

The order of rows in this array is not significant. When multiple rows associate a when condition rule and a capability, all of the when rules must evaluate to true.

Rule

Enter the When Name key part of a when condition rule. Rule resolution uses this name and the Applies To key part of this attachment category rule to find the when rule.

You can reference the standard rule @baseclass.always to enable capabilities.

Create

Select to grant the ability to add attachments of this category to runtime environments where the when rule evaluates to true.

Edit

Select to grant the ability to edit attachments of this category to runtime environments where the when rule evaluates to true.

View

Select to grant the ability to view attachments of this category to runtime environments where the when rule evaluates to true.

Delete Own

Select to grant the ability to delete attachments of this category that the same operator added to runtime environments where the when rule evaluates to true.

Delete Any

Select to grant the ability to delete any attachment of this category to runtime environments where the when rule evaluates to true.

Additional Security Options

Field

Description

Enable Attachment Level Security

Select to allow the operator who attaches a file attachment of this category to identify one or more work groups that have access to the attachment.

This attachment-level restriction, if enabled, operates in addition to and independently of any restrictions defined on this tab for the category. For an example, see the PDN article How to control access to categorized attachments.